erusev/parsedown is vulnerable to cross-site scripting (XSS) attacks. The library does not do any filtering or sanitization before parsing markdown, allowing a malicious user to inject and execute arbitrary web script.
CPE | Name | Operator | Version |
---|---|---|---|
erusev/parsedown | le | 1.6.4 |